Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware HELP!

Re: Malware HELP!

Post by Klick » March 7th, 2008, 10:00 am

Thanks,

AVG popped up during the scan and alerted me of a trojan horse. I attached the screenshot.

Deckard's System Scanner v20071014.68
Run by Andrew on 2008-03-07 07:54:35
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
163: 2008-03-07 13:54:45 UTC - RP163 - Deckard's System Scanner Restore Point
162: 2008-03-06 18:38:24 UTC - RP162 - System Checkpoint
161: 2008-03-05 18:26:10 UTC - RP161 - System Checkpoint
160: 2008-03-04 14:49:45 UTC - RP160 - System Checkpoint
159: 2008-02-28 15:10:45 UTC - RP159 - System Checkpoint


-- First Restore Point --
1: 2007-12-10 22:44:49 UTC - RP1 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Andrew.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:56:52 AM, on 3/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Xfire\xfire.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Andrew\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: TELUS Desktop Calendar.lnk = C:\Program Files\TELUS Desktop Calendar\TELUS_Desktop_Calendar.exe
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wbsys.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 10387 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 PQNTDrv - c:\windows\system32\drivers\pqntdrv.sys <Not Verified; PowerQuest Corporation; PowerQuest product>
R2 ANIO (ANIO Service) - c:\windows\system32\anio.sys <Not Verified; Alpha Networks Inc.; ANIO (NT5) Driver>
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Apple Mobile Device - "c:\program files\common files\apple\mobile device support\bin\applemobiledeviceservice.exe" <Not Verified; Apple, Inc.; Apple Mobile Device Service>
R2 Bonjour Service (##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##) - "c:\program files\bonjour\mdnsresponder.exe" <Not Verified; Apple Computer, Inc.; Bonjour>

S2 ANIWZCSdService (ANIWZCSd Service) - c:\program files\ani\aniwzcs2 service\aniwzcsds.exe <Not Verified; Wireless Service; ANIWZCS2 Service Launcher (NT)>
S2 CLTNetCnService (Symantec Lic NetConnect service) - "c:\program files\common files\symantec shared\ccsvchst.exe" /h cccommon (file missing)
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe" <Not Verified; Macrovision Europe Ltd.; FLEXnet Publisher (32 bit)>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A3\3&2411E6FE&0&51
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0264&SUBSYS_81C01043&REV_A3\3&2411E6FE&0&51
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_816A1043&REV_A3\3&2411E6FE&0&A0
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0269&SUBSYS_816A1043&REV_A3\3&2411E6FE&0&A0
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:


-- Scheduled Tasks -------------------------------------------------------------

2008-03-04 11:19:02 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-02-07 and 2008-03-07 -----------------------------

2008-03-07 07:37:18 0 d-------- C:\Documents and Settings\Andrew\Application Data\skypePM
2008-03-07 07:37:18 32 --a------ C:\Documents and Settings\All Users\Application Data\ezsid.dat
2008-03-07 07:35:12 0 d-------- C:\Documents and Settings\Andrew\Application Data\Skype
2008-03-07 07:35:06 0 d-------- C:\Program Files\Skype
2008-03-07 07:35:05 0 d-------- C:\Program Files\Common Files\Skype
2008-03-07 07:34:48 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-03-05 22:13:57 0 d-------- C:\Documents and Settings\Andrew\Application Data\Malwarebytes
2008-03-05 22:13:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-05 22:13:49 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 22:46:51 0 d-------- C:\Program Files\TELUS Desktop Calendar
2008-02-26 22:46:06 201728 --a------ C:\WINDOWS\system32\TELUS 2008 Nature.scr <Not Verified; ScreenTime Media; ScreenTime For Flash>
2008-02-26 22:46:06 0 d-------- C:\WINDOWS\system32\TELUS 2008 Nature dir
2008-02-26 18:13:38 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-21 08:04:58 0 d-------- C:\Documents and Settings\Andrew\Application Data\Nero
2008-02-21 08:04:22 368640 --a------ C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corporation; TwnLib4 - TwainPRO v4.0 - Utility Library>
2008-02-21 08:04:22 802816 --a------ C:\WINDOWS\system32\imagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:22 258048 --a------ C:\WINDOWS\system32\imagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:21 1757184 --a------ C:\WINDOWS\system32\imagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2008-02-21 08:04:20 0 d-------- C:\Program Files\Nero
2008-02-21 08:04:20 0 d-------- C:\Program Files\Common Files\Nero
2008-02-21 08:04:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-02-20 20:14:01 77 --a------ C:\WINDOWS\system32\winitn.dll
2008-02-20 20:13:59 2535424 --a------ C:\WINDOWS\system32\agsaamj.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioCompress3 Module>
2008-02-20 20:13:59 90112 --a------ C:\WINDOWS\system32\agsaami.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFormatSettings3 Module>
2008-02-20 20:13:59 610304 --a------ C:\WINDOWS\system32\agsaamg.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFile3 Module>
2008-02-20 20:13:58 372736 --a------ C:\WINDOWS\system32\agsaamc.dll <Not Verified; Online Media Technologies Ltd.; NCTAudioFileWMA3 Module>
2008-02-20 20:13:58 53760 --a------ C:\WINDOWS\system\ppacklib.dll <Not Verified; ; ZLib.DLL>
2008-02-20 20:13:51 1 --a------ C:\WINDOWS\sslzdlt.dll
2008-02-20 20:13:50 237568 --a------ C:\WINDOWS\system32\lame_enc.dll
2008-02-20 20:13:48 0 d-------- C:\Program Files\AML Products
2008-02-17 08:36:38 0 d-------- C:\Program Files\BitPim
2008-02-14 20:41:44 0 d-------- C:\logs
2008-02-12 18:08:11 0 d-------- C:\Program Files\Avanquest update
2008-02-12 18:06:29 0 d-------- C:\Program Files\Common Files\Motorola Shared
2008-02-12 18:06:21 0 d-------- C:\Program Files\Motorola Phone Tools
2008-02-12 18:06:21 0 d-------- C:\Documents and Settings\All Users\Application Data\BVRP Software
2008-02-07 22:20:36 171792 --a------ C:\WINDOWS\system32\wjview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-02-07 22:20:35 172304 --a------ C:\WINDOWS\system32\jview.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>
2008-02-07 22:20:33 49424 --a------ C:\WINDOWS\system32\clspack.exe <Not Verified; Microsoft Corporation; Microsoft(R) Windows (R) Operating System>


-- Find3M Report ---------------------------------------------------------------

2008-03-07 07:52:43 0 d-------- C:\Documents and Settings\Andrew\Application Data\SiteAdvisor
2008-03-07 07:35:05 0 d-------- C:\Program Files\Common Files
2008-03-05 22:22:54 0 d-------- C:\Program Files\Xfire
2008-03-05 19:39:03 0 d-------- C:\Program Files\Steam
2008-03-04 22:42:26 0 d-------- C:\Program Files\FlashGet
2008-03-03 23:29:37 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-02-27 21:37:23 0 d-------- C:\Documents and Settings\Andrew\Application Data\LimeWire
2008-02-26 07:33:19 0 d-------- C:\Documents and Settings\Andrew\Application Data\Xfire
2008-02-20 20:50:12 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-19 21:20:45 0 d-------- C:\Documents and Settings\Andrew\Application Data\Google
2008-02-19 21:20:14 0 d-------- C:\Program Files\Google
2008-02-18 13:47:03 0 d-------- C:\Documents and Settings\Andrew\Application Data\GSC
2008-02-13 21:30:53 0 d-------- C:\Program Files\Common Files\Adobe
2008-02-12 18:08:11 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-02-09 19:31:18 36104 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpowerAMP Music Converter.dat
2008-02-09 19:31:18 131072 --a------ C:\WINDOWS\system32\SpoonUninstall.exe
2008-02-09 09:08:35 0 d-------- C:\Documents and Settings\Andrew\Application Data\Azureus
2008-02-08 22:30:46 0 d-------- C:\Program Files\Bus-Simulator 2008
2008-02-06 19:48:27 0 d-------- C:\Program Files\Web Publish
2008-02-04 19:44:29 0 d-------- C:\Program Files\GSC
2008-02-01 20:31:00 0 d-------- C:\Program Files\WarRock
2008-01-29 21:21:44 0 d-------- C:\Program Files\World of Warcraft
2008-01-29 17:48:04 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-01-22 17:24:59 0 d-------- C:\Program Files\Mozilla Firefox 3 Beta 2
2008-01-22 16:20:09 0 d-------- C:\Program Files\Activision
2008-01-21 19:03:25 0 d-------- C:\Documents and Settings\Andrew\Application Data\Adobe
2008-01-21 17:58:53 0 d-------- C:\Program Files\Common Files\Acronis
2008-01-21 17:58:51 0 d-------- C:\Program Files\Acronis
2008-01-21 17:55:27 0 d-------- C:\Documents and Settings\Andrew\Application Data\Help
2008-01-21 17:54:45 0 d-------- C:\Program Files\Symantec
2008-01-21 15:55:33 0 d-------- C:\Documents and Settings\Andrew\Application Data\InternetCalls
2008-01-20 23:29:19 0 d-------- C:\Program Files\PeerGuardian2
2008-01-19 18:12:29 0 d-------- C:\Documents and Settings\Andrew\Application Data\teamspeak2
2008-01-19 18:12:28 0 d-------- C:\Program Files\Teamspeak2_RC2
2008-01-19 18:00:27 0 d-------- C:\Program Files\Ahead
2008-01-18 21:15:03 0 d-------- C:\Documents and Settings\Andrew\Application Data\Ventrilo
2008-01-18 21:14:34 0 d-------- C:\Program Files\Ventrilo
2008-01-18 07:50:59 0 d-------- C:\Documents and Settings\Andrew\Application Data\Apple Computer
2008-01-17 07:57:15 0 d-------- C:\Program Files\Sierra
2008-01-16 17:06:27 0 d-------- C:\Program Files\iTunes
2008-01-16 17:06:16 0 d-------- C:\Program Files\iPod
2008-01-16 17:05:20 0 d-------- C:\Program Files\QuickTime
2008-01-13 22:36:04 0 d-------- C:\Program Files\MSXML 6.0
2008-01-13 19:50:32 0 d-------- C:\Program Files\Starcraft
2008-01-13 14:08:17 0 d-------- C:\Program Files\Bonjour
2008-01-13 14:00:31 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-12 22:28:20 0 d-------- C:\Program Files\COMODO
2008-01-12 22:28:20 0 d-------- C:\Documents and Settings\Andrew\Application Data\Comodo
2008-01-12 18:36:12 0 d-------- C:\Documents and Settings\Andrew\Application Data\SUPERAntiSpyware.com
2008-01-12 17:48:13 0 d-------- C:\Documents and Settings\Andrew\Application Data\CyberLink
2008-01-12 17:47:29 0 d-------- C:\Program Files\CyberLink
2008-01-12 16:48:27 0 d-------- C:\Program Files\Vstplugins
2008-01-12 16:48:09 0 d-------- C:\Program Files\Sony
2008-01-12 16:46:19 0 d-------- C:\Program Files\MSBuild
2008-01-12 16:43:04 0 d-------- C:\Program Files\Reference Assemblies
2008-01-12 12:44:31 0 d-------- C:\Documents and Settings\Andrew\Application Data\FileZilla
2008-01-12 11:30:58 0 d-------- C:\Program Files\FileZilla Client
2008-01-12 11:23:46 0 d-------- C:\Documents and Settings\Andrew\Application Data\SmartFTP
2008-01-12 11:23:36 0 d-------- C:\Program Files\SmartFTP Client
2008-01-11 12:53:11 0 d-------- C:\Program Files\Army Operations
2008-01-11 12:19:16 0 d-------- C:\Program Files\GameSpy Arcade
2008-01-11 11:54:50 0 d-------- C:\Documents and Settings\Andrew\Application Data\GetRightToGo
2008-01-11 11:48:02 0 d-------- C:\Documents and Settings\Andrew\Application Data\Opera
2008-01-11 11:47:56 0 d-------- C:\Program Files\Opera
2008-01-10 08:22:14 0 d-------- C:\Program Files\Stardock
2008-01-08 15:51:21 34807 --a------ C:\WINDOWS\scunin.dat
2008-01-08 15:51:20 967 --a------ C:\WINDOWS\ScUnin.pif
2008-01-08 15:51:20 70656 --a------ C:\WINDOWS\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-01-07 20:50:20 0 d-------- C:\Program Files\Microsoft ActiveSync
2008-01-07 18:11:08 61 ---hs---- C:\WINDOWS\cnerolf.dat
2008-01-07 18:07:58 0 d-------- C:\Program Files\vasfmc
2008-01-07 18:06:19 0 d-------- C:\Program Files\SquawkBox3
2008-01-07 08:06:07 552 --a------ C:\Documents and Settings\Andrew\Application Data\AutoGK.ini
2008-01-06 17:47:51 43602 --a------ C:\WINDOWS\system32\xvid-uninstall.exe
2008-01-02 18:21:05 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-01-01 18:41:11 616 --a------ C:\WINDOWS\eReg.dat
2007-12-30 11:10:32 34308 --a------ C:\BASSMOD.DLL
2007-12-30 11:02:11 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >
2007-12-27 18:26:10 2195 --a------ C:\WINDOWS\mozver.dat
2007-12-27 10:21:25 16 --a------ C:\WINDOWS\bnsacomm64_c.dll
2007-12-26 20:34:04 38400 --a------ C:\WINDOWS\31838.exe
2007-12-24 22:10:03 34 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.log
2007-12-24 22:09:56 47360 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-12-24 22:09:56 1144 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.inf
2007-12-24 22:09:56 7887 --a------ C:\Documents and Settings\Andrew\Application Data\pcouffin.cat
2007-12-19 08:55:16 659456 --a------ C:\WINDOWS\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2007-12-19 08:54:55 51 --a------ C:\WINDOWS\NOT FOUND
2007-12-10 17:40:15 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-10 16:37:16 0 -rahs---- C:\MSDOS.SYS
2007-12-10 16:37:16 0 -rahs---- C:\IO.SYS
2007-12-10 16:37:16 0 --a------ C:\CONFIG.SYS
2007-12-10 16:37:16 0 --a------ C:\AUTOEXEC.BAT
2007-12-10 16:34:14 21640 --a------ C:\WINDOWS\system32\emptyregdb.dat
2007-12-10 10:27:43 62 --ahs---- C:\Documents and Settings\Andrew\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [10/04/2007 05:14 PM]
"nwiz"="nwiz.exe" [10/04/2007 05:14 PM C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [10/04/2007 05:14 PM]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [10/27/2004 03:21 PM C:\WINDOWS\system32\HdAShCut.exe]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [12/18/2006 09:34 PM]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07/13/2006 07:12 AM]
"UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [09/07/2006 11:19 AM]
"googletalk"="C:\Program Files\Google\Google Talk\googletalk.exe" [01/01/2007 03:22 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"D-Link Wireless G WUA-1340"="C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [08/27/2007 04:25 PM]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [01/19/2007 11:49 AM]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [12/21/2007 09:57 AM]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [12/20/2007 09:16 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [01/10/2008 03:27 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [01/15/2008 03:22 AM]
"NeroCheck"="C:\WINDOWS\system32\\NeroCheck.exe" [07/09/2001 04:50 AM]
"OSSelectorReinstall"="C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [02/22/2007 07:53 PM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [12/06/2007 06:06 AM]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [01/26/2008 05:43 PM]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [02/01/2008 05:22 PM]

C:\Documents and Settings\Andrew\Start Menu\Programs\Startup\
Xfire.lnk - C:\Program Files\Xfire\xfire.exe [2/20/2008 7:57:28 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [1/21/2008 7:02:06 PM]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [1/26/2008 5:43:19 PM]
TELUS Desktop Calendar.lnk - C:\Program Files\TELUS Desktop Calendar\TELUS_Desktop_Calendar.exe [11/12/2007 6:10:10 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbsrv.dll 01/10/2008 08:23 AM 229376 C:\Program Files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=wbsys.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"




-- End of Deckard's System Scanner: finished at 2008-03-07 07:57:38 ------------

Re: Malware HELP!

Post by sjpritch25 » March 7th, 2008, 10:35 am

Was AVG able to quarantine the file??

Re: Malware HELP!

Post by Klick » March 7th, 2008, 6:54 pm

sjpritch25 wrote: Was AVG able to quarantine the file??

No, I didn't try. I thought it would be best for you to take a look first.

Re: Malware HELP!

Post by sjpritch25 » March 7th, 2008, 7:20 pm

Okay, go ahead and run a full system scan and let me know if it was successfully quarantined. Thanks.

Re: Malware HELP!

Post by Klick » March 15th, 2008, 9:18 am

Hello,

Thank you for your help, but I ended up reformatting.

Re: Malware HELP!

Post by Elrond » March 25th, 2008, 7:45 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.